-
Vulnerability Information (F36879)

Debian Security Advisory 698-1 - An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager. This update also fixes a regression from DSA 497.

-
Vulnerability Discussion

A buffer overflow vulnerability exists in Midnight Commander. The vulnerability is caused by insufficient bounds checking of external data supplied to the 'insert_text()' function.

This issue may allow local attackers to execute arbitrary code in the context of another user.

-
Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
Solution

Red Hat has released advisory RHSA-2005:512-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.

TurboLinux has released advisory TLSA-2005-46 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

Debian has released advisory DSA 698-1 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.